updated the Java SDK
upgraded internal logging libraries to Log4j2 v2.17.2
In order to support huge modular input configuration xml strings when users want to run a very large number of inputs on 1 single instance of this app , we had to change the way that the child java process is invoked. Previously the xml string was passed as a program argument which could break the max argument size in the Linux kernel. Now we changed the logic to pass the xml string to the java process via the STDIN pipe.
The app performs periodic socket pings to the splunkd management port to determine if splunkd is still alive and if splunkd is not responding , usually because it has exited or is not network reachable, then the app self exits it's running java process.The default timeout is now 300 seconds. You can change this timeout value in bin/jms.py by setting the SPLUNKD_TIMEOUT_SECS variable.
fixed a bug in getting credentials from storage/passwords
upgraded internal logging libraries to Log4j2 v2.17.0
upgraded internal logging libraries to Log4j2 v2.16.0
upgraded internal logging libraries to Log4j2 v2.15.0
Setup Credentials menu tab and enter any passwords you require.upgraded logging functionality
added a setup page to encrypt any credentials you require in your configuration
enforced python3 for execution of the modular input script.If you require Python2.7 , then download a prior version (such as 1.9).
Dual Python 2.7 and 3+ compatibility.
App will run on :
Splunk Enterprise versions back to Splunk 5 where there is only a Python 2.7 runtime shipped
Splunk Enterprise version 8 where there is both a Python 2.7 and Python 3+ runtime shipped
Future versions of Splunk Enterprise where there is only a Python 3+ runtime
added JAXB dependencies for JRE 9+
fixed Splunk 8 compatibility for manager.xml file
updated docs
added trial key functionality
docs updated
minor manager xml ui tweak for 7.1
Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Docs updated
Splunk 7.1 compatible
Added a new message handler that just dumps the message body :
com.splunk.modinput.jms.custom.handler.BodyOnlyMessageHandler
Minor HEC data handling tweaks
Added support to optional output to Splunk via a HEC (HTTP Event Collector) endpoint
Enabled TLS1.2 support by default.
Made the core Modular Input Framework compatible with latest Splunk Java SDK
Please use a Java Runtime version 7+
If you need to use SSLv3 , you can turn this on in bin/jms.py
SECURE_TRANSPORT = "tls"
Changed the point in the code where client ID is set for durable topic subscriptions
Added a LocalConnectionFactory for ActiveMQ
Added the ability to declare custom JVM System Properties in your stanzas
Minor cosmetic fix
Added system property javax.net.ssl.trustStorePassword to LocalMQConnectionFactory
Added a custom local JMS resource factory for Websphere MQ users that allows you to create a MQConnectionFactory class instance directly vs looking it up via JNDI.
The implementation class name you can declare in you stanza is : com.splunk.modinput.jms.custom.factory.LocalMQConnectionFactory
It depends on the MQ JMS jar files being in SPLUNK_HOME/etc/apps/jms_ta/bin/lib
Parameter values supported are (showing example values) :
sslEnabled=true
sslCipherSuite=SSL_RSA_WITH_NULL_MD5
sslTrustStore=myTrustStore
sslKeyStore=myKeyStore
sslKeyStorePassword=somepass
transportType=1
queueManager=myQueueMgr
channel=myChannel
clientID=myClientID
port=1414
hostName=127.0.0.1
You declare these in the stanza also in a key=value string , comma delimited :
sslEnabled=true,sslCipherSuite=SSL_RSA_WITH_NULL_MD5,sslTrustStore=myTrustStore,sslKeyStore=myKeyStore,sslKeyStorePassword=somepass,queueManager=myQueueMgr,channel=myChannel,transportType=1,clientID=myClientID,port=1414,hostName=127.0.0.1
Changed suffix to .spl
Removed field validation constraints when selecting local mode
Updated configuration screen , hopefully it is simpler and more intuitive
More verbose error logging ++ Removed usage of hostname for REST callbacks and replaced with localhost to alleviate issues where admins haven't setup local DNS correctly
Added support for very large message payloads, basically a refactoring of the XML streaming output so that SplunkD can correctly process large message payloads
Refactored the core engine so that now you can declare a pluggable JMS Message handler.For the most part you'll probably just rely on the default message handler that is part of the mod input. But given that a message producer can basically put anything in the message payload, there may be scenarios where you need some custom handling for the raw message payload ,so this new features provides this flexibility.
Patched a hole whereby the "disabled" property is not passed to the Mod Input by SplunkD when it is first created
Added more detailed error logging (written to $SPLUNK_HOME/var/log/splunk/splunkd.log) for troubleshooting
Fixed a possible(in theory) race condition scenario at startup ++ Added support for Queue Browsing , user can choose browsing mode(dump all messages or output summary stats about the queue) and the browsing frequency.
Some core framework tweaks++Added config option so users can specify whether or not to strip newline characters from the message body
Added runtime support for solaris, aix, freebsd, hp-ux***Added support to prefix your destination name with a server identifier , which now makes it possible to setup jms stanzas that have the same destination name but on different servers
Added REST API polling calls to the mod input so that it can poll SplunkD for the enabled/disabled status of each queue/topic stanza and stop message polling threads accordingly or terminate the entire mod input process if all queue/topic stanzas have been disabled.Using the Splunk Java SDK v1.0 for the REST API call, hence splunk.jar is now included in this release.
Added better handling of Binary message types
Added support for providing user/pass for the topic/queue
Cosmetic fix, added screenshot.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.